5 comments

[ 2.6 ms ] story [ 13.5 ms ] thread
That is because people do passwords wrong. Just make your passwords 40-60 characters of a common natural language statement with a random non-alphanumeric character at the end. That is really hard to brute force and easy to remember.

Unfortunately, this simple solution won't work on archaic legacy systems that force stupid password rules and max lengths.

The average person cannot remember more than 8 characters. So a 40-60 character string of random characters, many of which we rarely use naturally is not really feasible :)
That is so completely not what I said. I bet my grandmother, if she were still alive, could easily remember this 63 character password:

I wish I could walk my grandchildren to school when it is cold%

We all can memorize a handful, but not 50 of them. That approach is cute, but it doesn't scale.
I really do not see the difference between that, mnemonically speaking, and a random smattering of 8 special characters.